we presented the implementation of TQAna, a novel behavior-based malware detection tool based on the concepts of taint analysis and dynamic analysis by observing system service calls as well as COM activity. The object header itself might consist of up to five header fields that are used to describe the object. Other hives are created and managed during runtime of the system and only exist in memory.
In line 7 the cache is checked for an existing translation of the next basic block that has to be emulated. that can be seen as a blueprint of all objects of the same type
Every object that lives in the Windows NT operating system consists of two parts. While the first two examples are crafted to present certain aspects of the system, the third example is a self-written sample BHO that performs malicious actions.
To this end the corresponding taint-sensitive sink is implemented in the function that is executed whenever memory writes occur.